Syncsort Debuts Unified IBM i Security Suite
April 10, 2019 Alex Woodie
Syncsort rolled out a suite of software this week that unifies several of the IBM i security products it has acquired over past two years. Dubbed Assure Security, the suite is designed to help IBM i shops lock down servers and protect them from threats while getting a handle on emerging data regulations, like the looming California Consumer Privacy Act (CCPA).
The acquisition of Vision Solutions by Syncsort back in June 2017 closely coincided with the two companies’ joint pivot into data security. Vision, of course, was best known as a provider of IBM i high availability solutions when it announced its acquisition of Enforcive (formerly BSafe Global Security). A day later, Syncsort announced its intent to buy Vision Solutions.
Months later, Syncsort followed up with its acquisition of Cilasoft, which added a Db2 database security and monitoring solution to the well-rounded suite of IBM i security tools that it obtained with Enforcive. Finally, in May of 2018, Syncsort nabbed the IBM i encryption software from Townsend Security, leaving that company effectively out of the IBM i market.
Executives with Syncsort said they planned to deliver unified product suites for both its security and HA lines, including a complete rationalization of underlying code-bases (it also acquired Trader’s, giving it four disparate IBM i HA products: MIMIX, iTera, Quick-EDD, and the legacy ODS/OMS line).
Syncsort officials pledged last year that the unification would begin with a standard GUI that works across HA and security lines. While we have yet to see a rationalization of the HA products, the company is clearly moving ahead with the unification of the security tools around the Assure brand.
Syncsort Assure consists of four modules at the moment, including Compliance Monitoring, Access Control, Data Privacy, and Security Risk Assessment. The modules can be purchased and used as a single entity, or purchased and used separately, Syncsort says.
- Assure Compliance Monitoring: This product, which is based on the QJRN/400 product originally developed by Cilasoft, watches key areas of the IBM i operating system and database for signs of activity. If it detects something is amiss, it will send a real-time alert to an administrator, or alternatively send it to a third-party SIEM solution. In addition to monitoring the Db2 for i database, it can block areas of the database from view.
- Assure Access Control: This product, which is based on software obtained from Cilasoft, is designed to prevent unauthorized access to the IBM i server, including via network, communication ports, database protocols, and the 5250 interface. It also provides multi-factor authentication (MFA) and integrates with the SecureID technology from RSA. This product also can be used to temporarily provide users with elevated authorities for accomplishing certain tasks.
- Assure Data Privacy: This product, which is based on Townsend’s Alliance and FTP software, provides a full range of encryption capabilities for IBM i data, including for data at rest in the database, and data in motion over network protocols. The software also provides data tokenization and file masking, as well as secure file transfer capabilities.
- Assure Security Risk Assessment: This product, which is based on technology originally developed by Enforcive, provides an automated security assessment for IBM i servers. The software checks 12 categories of security values, and recommends ways that users can improve security.
While the Security Risk Assessment offering contains software from Enforcive, the bulk of the Assure is based on technology that originated from the Cilasoft and Townsend deals. The company continues to sell the comprehensive Enforcive security software lineup as an independent solution.
Syncsort used the existing Cilasoft and Alliance products as jumping off points, and extensively repackaged the technology and combined it with greenfield software development. For example, the new enterprise monitor dashboard communicates essential information regarding the Assure lineup, and it also communicates the status of the MIMIX and Quick-EDD HA products, too.
There is also failover scripting to ensure the Assure product line continues to monitor and protect IBM i data in the event of an HA failover (provided, of course, that those HA products are managing the failover process).
The Assure Security suite is designed to bolster the security postures of IBM i shops, which is a big concern at the moment. A recent Syncsort survey found that 41 percent of IBM i shops say they have been the victim of a cyberattack, with another 20 percent saying they weren’t sure if they had been attacked.
“Our new Assure Security product leverages our wealth of IBM i security technology and expertise to help organizations address their highest-priority challenges,” states Syncsort Chief Product Officer David Hodgson in a press release. “This includes protecting against vulnerabilities introduced by new, open-source methods of connecting to IBM i systems, adopting new cloud services and complying with expanded government regulations.”
While it was designed to protect residents of the European Union, the General Data Protection Regulation (GDPR) also applies to American companies. Complying with GDPR requires companies to ensure they are not mishandling their clients’ data, including gaining their permission to collect data, and giving users the right to ask their data to be deleted.
The CCPA that goes into effect on January 1, 2020, is similar in some ways to GDPR. But there are key differences that companies doing business with California residents will need to be aware of.